Quarantine Settings and Attack Remediation

Define what happens to the components of an attack that is detected by Forensics. When files are quarantined, they are deleted and put in a secure location from which they can be restored, if necessary.

The automatic options are:

  • Quarantine all attack elements - All components of the attack are quarantined.

  • Quarantine only files with known malicious reputation - Files that are not known to be malicious are not quarantined.

You can manually edit the treatment for each category of file: malicious, suspicious, or unknown. For each category, you can select:

  • Quarantine - Files are deleted and put in a secure location from which they can be restored, if necessary.

  • Delete - Files are permanently deleted.

  • Backup - Files are deleted and an accessible duplicate is created.

  • None - No action is taken.

Trusted Files are those defined as trusted by the Check Point Reputation Service. The remediation options for Trusted Files are:

  • Terminate - Stop the suspicious process.

  • Ignore - Do not terminate processes. Activity is monitored.